Europe’s cyber insurance market is growing fast

Cyber attacks have grown more sophisticated owing to advancements in artificial intelligence (AI), making them easier to execute.

The World Economic Forum has identified “cyber insecurity” as the fourth-most significant global risk over the next two years and one of the top 10 global risks over the next decade.

Political factors also contribute to cyber threats, exemplified by increased cyber attacks from Russian state-backed actors after the Ukraine conflict began in 2022. This makes cyber insurance – and developing the skills to manage this high-profile, emerging risk – crucial for national economic resilience.

In response, the EU has introduced the NIS2 directive, the Digital Operational Resilience Act, the Cyber Resilience Act and the Cyber Solidarity Act to boost cyber resilience, enhance cyber security and improve co-ordination among member states.

A market poised for major growth

The cyber insurance market in Europe has experienced major growth in recent years, although it is still in its infancy compared with the more developed market in the US.

The US cyber market has developed significantly, partly because of data privacy legislation introduced in the early 2000s and the requirement for organisations to meet their third-party liability exposures.

But that is beginning to change as businesses in Europe realise what role cyber insurance can play in their overall risk management strategy. Some regions in Europe have experienced 50% annual growth in cyber insurance markets.

This trend is likely to reflect the significant impact the WannaCry and NotPetya ransomware attacks of 2017 have had on raising awareness about the risk of cyber attacks and their potential to disrupt business operations. The influence of the General Data Protection Regulation on attitudes regarding cyber insurance should also not be underestimated.

Cyber insurance not only safeguards an organisation’s financial stability by offering compensation after incidents occur, but it also provides expert consultancy to enhance security measures and delivers incident response support during crises. The provision of pre-loss prevention and post-loss services are key to helping organisations recover more quickly.

To prevent financial and reputational harm from cyber incidents, companies will need to implement proactive cyber risk management including continuity business plans and align their cyber insurance with their security strategy.

The cyber security gap

The European cyber insurance market has been experiencing growth in parallel with the sector’s digitalisation, now offering various coverage options to address specific cyber threats and help companies protect their digital assets and data against cyber risks. Global cyber attacks, including ransomware, malware, phishing and cloud vulnerabilities have sharply increased, causing financial, productivity and reputational damage to businesses.

Initially, the market focused on addressing significant risks; however, medium-sized and small companies with sometimes reduced cyber security are now increasingly targeted by cyber attacks and are consequently seeking cyber insurance.

Owing to the rise of AI threats and heightened regulatory scrutiny, demand for cyber insurance is anticipated to grow in Europe. 

Despite this, there remains a gap in cyber protection, with underinsurance being a significant issue for both businesses and individuals. According to the Global Federation of Insurance Associations, the gap between the total economic impact of cyber attacks and the coverage provided by current insurance policies is estimated to be $900bn each year.

Increased market penetration

Purchasing behaviour has been influenced by buyers across various industry sectors, including manufacturing, financial institutions, and energy. This trend is particularly noticeable in regions like the Nordics and central and eastern Europe, where product penetration has been lower so far.

Several key markets, including Germany and France, present highly promising opportunities. Additionally, awareness of cyber risk is increasing in smaller markets throughout southern and northern Europe. Consequently, there is increasing recognition that cyber coverage is a significant factor for successful economic growth.

Major sporting events, such as European football games and the Olympics, are big drivers of cyber insurance demand. According to cyber security provider NTT, the 2020 Tokyo Olympics recorded 450 million cyber attacks, 2.5 times more than those reported at the 2012 London Olympics. Due to rising geopolitical tensions, the 2024 Paris Olympics anticipated 10 times more cyber attacks than occured during the Tokyo event. Based on these trends, the cyber security market is anticipated to continue expanding and evolving, presenting many opportunities for insurers.

Cyber opportunities for London market

London market players are looking for growth and opportunities on the continent, for example, through delegated authority business facilities in the Netherlands, reflecting the fact continental Europe is starting to play catch-up in a major way. Insurance companies in Europe have also adopted a prudent approach, recognising cyber remains a complex line of business that will continue to change rapidly in the face of an uncertain threat landscape. 

The advancement of digitalisation suggests cyber risks will likely increase as hackers discover new methods to exploit system vulnerabilities and disrupt organisations. Key areas to watch include supply chain attacks, silent attacks, increasingly sophisticated regulatory fines and penalties and changes in data protection litigation.

Alongside efforts to make an organisation’s attack surface smaller and harder to compromise, cyber insurance and security have a pivotal role to play in how a business manages and mitigates this rapidly evolving and complex risk. 

It has become a crucial factor in business relationships, moving away from a burden to a basic requirement that drives digital business and helps limit the impact of a potential attack. 

Kennet Otto and Georgy Matov are senior directors of insurance consulting and technology at WTW